GDPR Compliance

EU General Data Protection Regulation

On May 25th, 2018, the EU General Data Protection Regulation (GDPR) will go into effect. This regulation enhances the data privacy protections for European Union citizens and is a mandatory requirement for any company with access to personal data of EU citizens.

FastSpring compliance

FastSpring is committed to being fully GDPR compliant by May 25, 2018. In the meantime, FastSpring.com complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.

What is the GDPR?

The GDPR is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It comes into effect on May 25, 2018.

Personal data plays a huge part in society and the economy. It is essential that people have, and know they have, control and clarity over how their data is used, that they are protected by any organization they interact with, and that organizations are given clear guidelines for protecting that personal data.

One of the aims of the GDPR is to harmonize data privacy laws across Europe and bring them up to speed with the rapid technological change of the past two decades. It builds upon the current legal framework in the European Union, including the EU Data Protection Directive in existence since 1995.

What constitutes personal data?

Personal data is any information related to a natural person, or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, or bank details to posts on social networking websites, medical information, or a computer IP address.

Who does the GDPR affect?

GDPR compliance is different for every company and depends on, among other factors, company size, the types and amount of data it processes, and its current security and privacy measures.

The GDPR will apply not only to organizations located within the EU, but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.